Last updated: March 11, 2025

SCWE-033: Chain Split Risks

Stable Version v0.0.1

This content is in the version-(v0.0.1) and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Relationships

• CWE-20: Improper Input Validation
  CWE-20 Link

Description

Chain split risks refer to vulnerabilities that arise when a blockchain splits into multiple chains, such as during a hard fork. This can lead to: - Confusion or inconsistencies in contract logic. - Loss of funds or data. - Exploitation of vulnerabilities in cross-chain operations.

Remediation

• Handle chain splits: Implement logic to handle potential chain splits.
• Use chain identifiers: Include chain identifiers in cross-chain communications.
• Test thoroughly: Conduct extensive testing to ensure contract logic is robust.

Examples

• Vulnerable to Chain Splits

  pragma solidity ^0.8.0;
  
  contract ChainSplitVulnerable {
      function processTransaction(bytes memory data) public {
          // Process transaction without chain split handling
      }
  }
  

• Protected Against Chain Splits

  pragma solidity ^0.8.0;
  
  contract ChainSplitProtected {
      uint public chainId;
  
      constructor(uint _chainId) {
          chainId = _chainId;
      }
  
      function processTransaction(bytes memory data, uint transactionChainId) public {
          require(transactionChainId == chainId, "Invalid chain ID");
          // Process transaction
      }
  }
  

---